Change Healthcare Data Breach

BACK TO INSIGHTS     Articles

3/31/2024

Last month, healthcare technology company Change Healthcare, owned by UnitedHealth through its Optum unit, suffered a cyber-attack which is causing far-reaching consequences. Initially identified by Optum on February 21, 2024 as the unavailability of certain applications and “enterprise-wide connectivity issues,” Optum later identified the issue as a “cyber security issue.” On February 26, 2024, the American Hospital Association published an “AHA Cybersecurity Advisory,“ in order to help members “navigate this evolving incident.” A number of news outlets have been monitoring the evolving information, which has now caught world-wide attention. UnitedHealth offers information on its cyber response website, which is periodically updated, including Q&A about the incident and incident response and information about UnitedHealth’s advancement of temporary financial assistance through its Temporary Funding Assistance Program. Reuters has reported that UnitedHealth Group “has already been hit with at least six class action lawsuits accusing it of failing to protect millions of people’s personal data from last month’s hack of Change Healthcare, its payment processing unit, with more lawsuits likely to come.” In a motion in Washington, D.C., the plaintiffs have requested consolidation of the cases to the Middle District of Tennessee, where Change Healthcare is headquartered. On March 22, 2024, U.S. Sen. Mark R. Warner (D-VA), a member of the Senate Finance Committee and co-chair of the Senate Cybersecurity Caucus, introduced legislation that would provide for advanced and accelerated payments to health care providers in the event of a cyber incident, so long as the provider meets minimum cybersecurity standards. If the provider’s intermediary (such as a business associate vendor) was the target of the incident, the intermediary also must meet minimum cybersecurity standards in order for the provider to receive the payments. Actions and reactions to the incident continue to evolve.

Click Here to read the entire March 2024 Healthcare Law Update now!

If you need assistance with your HIPAA compliance program, an OCR investigation, or a data breach incident, please contact:
Lani M. Dornfeld, CHPC | 973.403.3136 | ldornfeld@bracheichler.com

*This is intended to provide general information, not legal advice. Please contact the authors if you need specific advice.

Related Practices:   Healthcare Law

Related Attorney:   Lani M. Dornfeld

Related Industry:   Healthcare